Gitlab News Articles
Recent news articles referencing the vendor's vulnerabilities.
CVE-2025-6948 | GitLab Community Edition/Enterprise Edition up to 17.11.5/18.0.3/18.1.1 cross site scripting (Issue 552616)
A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 17.11.5/18.0.3/18.1.1 and classified as problematic. Affected by this vulnerability is an unknown functional…
GitLab Patch Release: 18.1.2, 18.0.4, 17.11.6
Learn more about GitLab Patch Release: 18.1.2, 18.0.4, 17.11.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).
GitLab patches high severity account takeover, missing auth issues
GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines.
CVE-2025-1908: GitLab Vulnerability Allows User Activity Tracking Leading to Account Takeover
Learn about CVE-2025-1908, a critical vulnerability in GitLab that allows user activity tracking and potential account takeovers. Find out how to fix it and protect your application.
GitLab patches 2nd critical pipeline vulnerability in last month
CVE-2024-6385, like another bug patched last month, could allow attackers to run pipelines as any user.
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
GitLab fixes eight security flaws, including a critical CI/CD pipeline vulnerability CVE-2024-9164. Update now!
GitLab patches bug that could expose a CI/CD pipeline to supply chain attack
Security pros called this GitLab patch an urgent one because an exploited CI/CD pipeline could lead to a serious supply chain compromise.
Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution
GitLab patches critical flaw (CVE-2024-6678) allowing unauthorized pipeline job execution. Update to the latest version to protect your repositories.
GitLab Security Updates: CVE-2024-4835 Cross-Site Scripting Vulnerability Fixed
GitLab releases important security updates to close the CVE-2024-4835 cross-site scripting vulnerability and other gaps. Admins should update immediately.
Severe vulnerabilities addressed by GitLab, others
GitLab has issued a fix for the critical flaw in GitLab Community Edition and Enterprise Edition software, tracked as CVE-2024-6385, which could be leveraged for arbitrary pipeline job execution.
GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln
The bug is similar — but not identical — to a critical flaw GitLab patched just two weeks ago.
This critical GitLab flaw allows attackers to run pipeline jobs as other users – patch now
GitLab has patched a critical vulnerability that allows attackers to run pipeline jobs as any other user, recommending that users upgrade immediately.
GitLab: Critical bug lets attackers run pipelines as other users
GitLab warned today that a critical vulnerability in GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user.
Over a dozen GitLab vulnerabilities addressed
Most severe of the addressed flaws is a critical bug in GitLab CE/EE versions newer than 15.8, 17.0, and 17.1, tracked as CVE-2024-5655, which could be leveraged to facilitate automated execution of a pipeline upon the automated re-targeting of a merge request.
Critical GitLab Bug Threatens Software Development Pipelines
The company is urging users running vulnerable versions to patch CVE-2024-5655 immediately, to avoid CI/CD malfeasance.
GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others
GitLab releases security updates fixing 14 vulnerabilities, including critical CI/CD flaw CVE-2024-5655. Update now to ensure protection.
CISA: Immediate GitLab account takeover flaw remediation crucial amid attacks
Ongoing intrusions targeting GitLab instances impacted by the maximum severity account takeover vulnerability, tracked as CVE-2023-7028, have prompted the flaw's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged t...
High-severity GitLab flaw lets attackers take over accounts
GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks.
Critical GitLab account takeover flaw added to CISA’s KEV Catalog
More than 2,100 servers may still be vulnerable to GitLab password reset exploits.
Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
Patch GitLab vuln without delay, users warned | Computer Weekly
The addition of a serious vulnerability in the GitLab open source platform to CISA’s KEV catalogue prompts a flurry of concern
CISA Warns Of Hackers Actively Attacking GitLab Password Reset Vulnerability
Washington, D.C., May 1, 2024 – The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert concerning a newly
GitLab password reset bug leaves more than 5.3K servers up for grabs
A critical zero-click account takeover exploit affects GitLab Community and Enterprise Editions.
CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability
A critical flaw (CVE-2023-7028) is being actively exploited, allowing account takeover by sending password reset emails to unverified addresses.